Analysis
-
max time kernel
121s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
12/06/2024, 22:26
General
-
Target
a2b0da3efa2d142b049561ab24504da7_JaffaCakes118.html
-
Size
182KB
-
MD5
a2b0da3efa2d142b049561ab24504da7
-
SHA1
dd83e6c2a71dc84263ff3d2d857dabadf3bfdc72
-
SHA256
4d6ac223ca29a665fd19d5c43ce0857b26942e995f0e0b932d07cdf52503135e
-
SHA512
5a04be5c0dad1918c4cfc41fd31508c18286aec514207bbf1c8a3c3ea6060a2cdbfd14dd6e88b907c321eab2d32d8dd098eab065a7a6b65241f4c129df0811a2
-
SSDEEP
3072:SpgRqY0jDKJ1JflEk8p7N5yfkMY+BES09JXAnyrZalI+YFrGOiDXev:SpgRqY0jDKJ1JflEk8p7NcsMYod+X3oK
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 25 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /F /T /R4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2b0da3efa2d142b049561ab24504da7_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1220 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
342B
MD5f2d25029d5f7afdfd4539312704b1c9d
SHA195ed2bb278ab93660f387dfe26e549834781259f
SHA25631942c4e52268e5c3e5fe3fd0b1b752caa3a22abb4a3a84fe0bbdd62b27172ab
SHA512d6a38e6ee1e3c4d4480f015a93dbd7d903a04c913857f5a1e1b44dd7ddd40dcd3ae84fea0a97762a6eb01b9361192f6b9588be548795f6c60010b72f6c999f8f
-
Filesize
342B
MD5096ced4aa9c31c08ffdba608cdfb0ccf
SHA1c38360a9e2b5827830c4752208220aff32e88085
SHA256bcad27e21a91b5c1ec3e62ac3691f9406fa18707eac4a865ffaca1efdb2adc84
SHA512bdf120a2498e7ba6dd9ac373b9a1720b31fd1c3c6e02bb29b389bc270c060e66e24f261d87db2f06cae0f9bde52b6ba979176b4bfa04763706e9f778e90a6280
-
Filesize
342B
MD5b3795a5bdfff3a46827f0b38eb6bbb30
SHA1b2ea7650a5864432a56a4ac83b347e604804fd86
SHA2569d43f5466c7fac9401bf6b62ee53b7875383599feaab49dda0301568f560c7f8
SHA512babeaa2e0548c9d9ebd4208f58cb6128a177cdca1a9976a8f23b36203423b7da5465098c8886ee55d301e9f27f93dc0e14ed5acd1244cc4d431fb1a532a74901
-
Filesize
342B
MD5b2ebe2fc910ed750a122bf21bdad29c7
SHA1364bac6dba7247be7296a32a36617324f1d6514f
SHA256568ac90002b22a58ed046a503894517a7d2a13d0122f8ee59f2da0f68bfbdf11
SHA512dc5c47006696cea4dd60a9f113f3e2b148b4f4bc9972d35dbed7aa4215c089b5202342502980bc12175f47387060076d7121d3ecb45622c28e3efdc69d3fb009
-
Filesize
342B
MD5057a668950a2a86879dfc0915281dd55
SHA133c3193bd4da57c77e87ef5dcbb8df25cce6cc70
SHA2566f75095c4f89a5e36a9082a033a9e93104380b40485ff0bcc4571a16bbf03b82
SHA512878fdfac5cef27149d48f8159398d1a5c844d7063465e50399db3a3e52381254622d33982af4548226d6f01d6ea2b2eb65a629cfd1db74bd256c5916c6220074
-
Filesize
342B
MD54f7eb94a0c5abab21415fcaba6f4d039
SHA1f2fa27147dcedce9beecc613358b45b18a712388
SHA25630cc9aa75d6617e628528146a7e4674356f8d250434617d9ba961caa20033eea
SHA512750dffa185207fba1c2aa2fdf38a469f0e1b0f13059771ca5df3f9435490b5aa71d953d84f6db34429615790603e984b1aa642aa24cfb10eeb3598674d647d0d
-
Filesize
342B
MD50bdad59b3ab4579364715d0b2c30d2ac
SHA13cb2e4be32bdbd83f7a02dd18df84d0749d3089f
SHA25658b7a7550663eb8e4c081620b15389970b95473e2d2d83851af6232a84146df6
SHA512015b31fc2a1782eb0f737bbe1978b4551aabf0c7569533fc6cc603d26e352c07be707ba265939700a95da739c3a371464879d2c7c750852a5640184628da8969
-
Filesize
342B
MD5186214874437ba1d28a99417a48f2f28
SHA12bc9f6251497150729ff3519a14656802b8de9b6
SHA256e2744e5bfc59820d36e2dda0fe2e6624c61456da918e4cdb45bcdea2b674d885
SHA5126e59b16e4f8b03b1c0e3ccdfcb1c5d6a9753ce8415aeb1a6a26e9386737bb72d23c87ad5b9099560c51ddeeb7c49e91aabf0adbf117585ee31c7008feaeb8c60
-
Filesize
342B
MD5088b669488c7f9a51cd84a7afc9fed6c
SHA1a0ab939243cb3ba0949bd06ca36a224779e8cfd7
SHA2563a18937edc90b73c75b98246a6f90df6885c096f72025837afcc564dd4880d07
SHA51215df9bf203b7af10545abdf1faeda0ddd5da2e45670d1b60c25211f50637ade816cba361b3b703607d4b2a06e99024b2f3c7ddaa9a663a9b060c4486e9fa69e2
-
Filesize
342B
MD5c88fdfb8516147352a7a8778917a13a2
SHA1d4a3a2df1ed982ed8a42f61880ba3166004dd96c
SHA256a54f1cceac76bff16e37f3d7f90ad255c10a1aa86b967a99eb533372d4e3c574
SHA512aface22eeabf29286793d3c10a0c59bca8534694054e13cdc3f7d95259dce8b5c3ad1c97020751dc2787e5dae82798f3e0d930efe88f0bda629c7dc3d17d922d
-
Filesize
342B
MD563beafe2603d5fc092e17e9f551ac7c0
SHA1047320a201dae1a046cc6868ae4569db78e47202
SHA256d46e4195ef70bd80865bd6d348c53e6e47227b4957dfd41cf1d52f450248c2e1
SHA51279ecc592064eda0736cfbc0a403fb70ed633d6ad36355bad9a4582017273e927fbf342a9deb8ba8c8d9ab7ede1a854ca3c1caf99e840c4b2714a809e9b2fc623
-
Filesize
342B
MD56fc8ed4983a934b19db5d5f50624e4b1
SHA1b49e878aa90eadb3da71d1d09f9528e39db79ab7
SHA256bbe113d1ba91e8d32d90053a8d6e1885dd7cecda53660956ac71f129b9863ff2
SHA5125e18cbd1c0cc7bbc4b4b3106aebb78cfcc405dee5e236fc80d82b680191690f31735973bf8c6ab498b34bca6e7cdaa22351f94831c211ba50ea0d75b3b7e0334
-
Filesize
342B
MD53c06ad9a57f6dc8fd4e0e5afeec2009f
SHA1b1d9f97dac703e26b055244479aaf48b001511f3
SHA256c217bec98af6a4c47bce4fb83a8ae0f7279fb5f3e7872a262f2ee62850ef7535
SHA512b55520e3afcfea9b31fce1ee8af883b57cb268cd4a619688766d18505dff0aa6e058735b8ed020cce569d19e97d147945bde7b08dca927834a1010f0ccd20f2e
-
Filesize
342B
MD54076e005fdac82db081493bd7542bd07
SHA106d8f6f6220674cda05edce13357ecd281dd1077
SHA256fbc2ab418b7f89ced932813e80fa098ab75ff59cabcec02f483587b9d86504af
SHA5122b3b0602e60d41e4a898ee4d3d9b24fb6cc39842af09cbb97edbca48eaa7098997fef89f0b4ae8e70c3bd3d2b89cd9a5520b67db9f15864f38bc382b76ca9409
-
Filesize
342B
MD564543c4c06927fe5823582057588216b
SHA140d51ff8c205e73e2560f04fecedc819fcebc7b6
SHA256e7340dd5d1face5f5e9b26ffb4634eebab80e628d0c4a2b466375f273d9748db
SHA51289c7aa695954de3cc2826c64c9cb304b16a3dcffea3939cfbf4e3d9d9374ad881805c7b6d48491e2007c85bae1175c31f5a96ce2823e5784918ff61bc4e76c2b
-
Filesize
342B
MD5cd05f6106bea637811f5c4b8127a8988
SHA16f81c08e773f16ec23a75638b92773a11c505532
SHA2569abd4b1ffabfaa684c1f24624eff264197fdc7cb9cfb3d16ee0b372216fbe4e4
SHA5127e8ec11da4e77d1b15e74ddb052300997cf534bcf166db2f63a9966191a903323ef6e2e952f38fb19acbdfe9d7246200138b7c91fb0ed54c86a52f2e4c938104
-
Filesize
342B
MD536bfa62a08fee85071d7db2617de6ffa
SHA13286488896b9eecefd057e76aa277bbcf6528674
SHA256f51b984026035085436d1d4a229f5643e5ffc6ebd5df805bac3c91ebe8dfddc7
SHA51210e0408075a6a85d86e36c379002428dd42e7d5387cf364d51c6b798475013b79114c2f4c69a760f901cce62b052fcc6a714c908bb76504e325f55e2c8501b57
-
Filesize
342B
MD52df5ed6ccba99b4f104b0840cda8cd60
SHA1d5950f9ad67a1da5f8fdd2907af0674ca95e937c
SHA25619a555459df19156b4d7b77aa27a8c78ee8a73ea567552ba548dc34a7173a584
SHA512765771ff9ba307a693d6105f78c2eca60a5ae8f8fbdc41523bfc2511a1c85af98b46a43e8d920d71363dab089b7114df70dbe8502b4fef075d0bf591ef2566ec
-
Filesize
342B
MD5b90912b9673f18cc3369f9a53f1ac839
SHA16573356fac69958a7c22946222ae9473c966538d
SHA256b6d7484dcbd79bf281cde055219d3f3fa06e4f55b6496c9ee64c83d44ba2f7cc
SHA5128a12c484843b3fe2dedfc0eee2c8da2528706d305a74af489478b731ed9adeb543f79f964042a0e5277451cab57d0d57505a311984867773165535c428dcd91a
-
Filesize
342B
MD5a36552768625d9f1b49f83ee947efcaf
SHA157e85c86d8c7533a94510d8947e36d6b72e70e51
SHA25602ff2102d013b30942b90278caf53ec08616926b9fc1e939076f1ae47ae1dff6
SHA51223d53ee90cc1e5a1d6ec015017928861bf46b8dab50d021386ea9b79800a0f29cae50e269cd58ad6fda96e9c7b66a791fbf3a7485208c52c5c0eed63a6ff62be
-
Filesize
342B
MD5f2f1fa451f71f3807a6a713fd8f33679
SHA1e8a9f2fa48d097f71faa8630186e3a9a203bb9a3
SHA256051f4bcae08273bc65bf4acfe6074d745fec3cde4b11f18b4e16e28865cd9ece
SHA512d1d04487839185e2f5ace641943d91f54550f6e0ce6b9ab1101c7bbd51c63a319d3df0512a977bc3a266898bd3dd4ad88d5a0571f5e4c761a9a2c63430fb217a
-
Filesize
342B
MD55a1f6f3dfe04bb1c0976e05ac2e7c3f8
SHA1560acfc9dbe51cfd9da62b9ca9f05a1c8155733b
SHA2567b280b4e5e41fe270cda8f12a461c158294715e2b888ca3d1fdc75e2cfe2b20d
SHA51206aaea92ce271edf1c79896a97f4d868910d241db7f3ace0653db173f5972e95559c0cf6f68f2f6d083e1071dfcb5155d7250800f6da8e23b120dea154b0fbd9
-
Filesize
342B
MD50bab163594b93699ca5e1cdccaf89fe4
SHA13602b7d48f4ea6760bf013c3e83e694566423107
SHA256352a6a1b2beef813d8bf66d12e248532914716e7b25570bdf91f616270028b2d
SHA512d49749d2a079ade0d56bf64ea0a39cd52e559e1bbe716c71012a8c03c67efaf0d411ec467ae741293dd3cca7941eccc55fb7345b1e26226219787573bc5bc416
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
84KB
MD503451dfbff127a5643a1ed613796621d
SHA1b385005e32bae7c53277783681b3b3e1ac908ec7
SHA25660c6c49b3a025dbf26a1f4540921908a7ea88367ffc3258caab780b74a09d4fb
SHA512db7d026781943404b59a3d766cd4c63e0fa3b2abd417c0b283c7bcd9909a8dad75501bd5a5ff8d0f8e5aa803931fc19c66dcaf7f1a5450966511bdaa75df8a89
-
Filesize
60KB
-
Filesize
216KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
216KB